publication croisée depuis : https://lemmy.world/post/16156662
To be completely open, this is not a question about XCP-ng vs Proxmox. I’m open to doing everything in the cli, comparing two platforms is not my intention here.
I’m very interested in the security benefits one has over the other though. AFAIK Xen has a dedicated for security? I’d like to think that both are reasonably secure by default, but I do not get many hits for “KVM hardening”, for example, only OS-level hardening advice.
Do both protect equally against attacks that try to escape the VM? Is there anything in terms of security that one has and the other doesn’t?
I know this is not the usual kind of question that is asked on this sub, any help is greatly appreciated!
I’m just being a bit paranoid with my attempts, and yes just KVM on Debian would work perfectly fine for my purposes but I’d like to take the more secure alternative if possible. Another comment about kernel hardening was a good one for KVM, and unfortunately AMD SEV is not available on most of their consumer chips (especially the older generations).
If I were to switch off multi-threading but assign vCPUs to my VM assuming multi-threaded capacity (I.e. assign 12 vCPUs to my lab cluster after switching of SMT for my 6 core CPU), would I face performance issues? I wonder